What is the concept of white box and black box in audit?
Can somebody explain this?
White box and black box testing is usually associated with software testing. In audit the same principles can be applied in CIS / EDP environment . White box approach is where auditor audits through the computers, where software/ program used to process the transactions is tested and reliance is placed on such testing results. Computer assisted audit techniques are used. Black box approach is where the auditor is basically not well versed about the computer processing, it is also know as audit around the computer, where documents are taken in physical form and audit techniques are applied on them.